Vulnerability Description
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to download files from the vulnerable service.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tychesoftwares | Product Input Fields For Woocommerce | < 1.2.7 |
Related Weaknesses (CWE)
References
- https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-product-input-fExploit
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&oldPatch
- https://wpscan.com/vulnerability/15f345e6-fc53-4bac-bc5a-de898181ea74Exploit
- https://www.wordfence.com/threat-intel/vulnerabilities/id/01e41573-9329-48e1-919Third Party Advisory
- https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-product-input-fExploit
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&oldPatch
- https://wpscan.com/vulnerability/15f345e6-fc53-4bac-bc5a-de898181ea74Exploit
- https://www.wordfence.com/threat-intel/vulnerabilities/id/01e41573-9329-48e1-919Third Party Advisory
FAQ
What is CVE-2020-36696?
CVE-2020-36696 is a vulnerability with a CVSS score of 7.5 (HIGH). The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and includin...
How severe is CVE-2020-36696?
CVE-2020-36696 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-36696?
Check the references section above for vendor advisories and patch information. Affected products include: Tychesoftwares Product Input Fields For Woocommerce.